[PATCH 5.4 120/120] xfs: fix use-after-free when aborting corrupt attr inactivation
From: Greg Kroah-Hartman
Date: Mon Sep 26 2022 - 06:51:14 EST
From: "Darrick J. Wong" <darrick.wong@xxxxxxxxxx>
commit 496b9bcd62b0b3a160be61e3265a086f97adcbd3 upstream.
Log the corrupt buffer before we release the buffer.
Fixes: a5155b870d687 ("xfs: always log corruption errors")
Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Acked-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Signed-off-by: Chandan Babu R <chandan.babu@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/xfs/xfs_attr_inactive.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/xfs/xfs_attr_inactive.c
+++ b/fs/xfs/xfs_attr_inactive.c
@@ -209,8 +209,8 @@ xfs_attr3_node_inactive(
* Since this code is recursive (gasp!) we must protect ourselves.
*/
if (level > XFS_DA_NODE_MAXDEPTH) {
- xfs_trans_brelse(*trans, bp); /* no locks for later trans */
xfs_buf_corruption_error(bp);
+ xfs_trans_brelse(*trans, bp); /* no locks for later trans */
return -EFSCORRUPTED;
}